Identify Risk with the InsightAppSec API

Scans run attacks on the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. The specific attack types, URLs, and many other options are set in the scan configs. After starting scans, you can monitor and manage active scans. Retrieve your scan results to identify risks discovered in the scan.

API identifying risk workflow

Run a Scan

Prerequisites

Operation

POST

URL

https://us.api.insight.rapid7.com/ias/v1/scans

Headers

X-Api-Key : {{Insight API Key}}
Content-Type : application/json

Body

{
  "scan_config": {
    "id": "{{Scan Config ID}}"
  }
}

Expected Response

Status

201 Created

Header

Location : https://us.api.insight.rapid7.com:443/ias/v1/scans/{{Scan ID}}

Retrieve Scan Results

Prerequisites

Operation

POST

URL

https://us.api.insight.rapid7.com/ias/v1/search

Headers

X-Api-Key : {{Insight API Key}}
Content-Type : application/json

Body

{
  "type": "VULNERABILITY",
  "query": "vulnerability.scans.id='{{Scan ID}}'"
}

Expected Response

Status

200 OK

Body

Details of the vulnerabilities found in the scan, in JSON format.
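The two calls above chained together, as an added example that is not Rapid7's own code: it builds both requests without sending them and takes the scan ID from the Location header of the 201 response. It assumes that IDs are UUIDs and that the key is held in an environment variable named INSIGHT_API_KEY (a hypothetical name); the function names are illustrative.

```python
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

BASE = "https://us.api.insight.rapid7.com/ias/v1"  # US base URL from this page
# Assumption: scan and scan config IDs are UUIDs.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def _post(path, payload, api_key):
    """Build (not send) a JSON POST carrying the X-Api-Key header."""
    return urllib.request.Request(
        BASE + path,
        data=json.dumps(payload).encode(),
        headers={"X-Api-Key": api_key, "Content-Type": "application/json"},
        method="POST",
    )

def start_scan_request(scan_config_id, api_key):
    if not UUID_RE.fullmatch(scan_config_id):
        raise ValueError("scan config ID is not a UUID")
    return _post("/scans", {"scan_config": {"id": scan_config_id}}, api_key)

def scan_id_from_location(location):
    """Extract the scan ID from the 201 Location header; reject other hosts/paths."""
    url, base = urlsplit(location), urlsplit(BASE)
    prefix = base.path + "/scans/"
    if (url.scheme, url.hostname) != ("https", base.hostname):
        raise ValueError("Location points outside the API host")
    if not url.path.startswith(prefix):
        raise ValueError("unexpected Location path")
    scan_id = url.path[len(prefix):]
    if not UUID_RE.fullmatch(scan_id):
        raise ValueError("scan ID is not a UUID")
    return scan_id

def search_request(scan_id, api_key):
    # The ID lands inside single quotes in the query, so accept only a UUID.
    if not UUID_RE.fullmatch(scan_id):
        raise ValueError("scan ID is not a UUID")
    query = f"vulnerability.scans.id='{scan_id}'"
    return _post("/search", {"type": "VULNERABILITY", "query": query}, api_key)

if __name__ == "__main__":
    # Key comes from the environment; the fallback and Location are constructed.
    key = os.environ.get("INSIGHT_API_KEY", "constructed-placeholder-key")
    loc = "https://us.api.insight.rapid7.com:443/ias/v1/scans/11111111-2222-3333-4444-555555555555"
    req = search_request(scan_id_from_location(loc), key)
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass each returned Request to urllib.request.urlopen to send it; for another region, change BASE to that region's base URL.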

Additional Resources

To learn more about the API, see the API overview.

Supported Regions

You can change the base URL of the API based on your region. See Supported Regions for a specific base URL based on your location.